Friday, January 8, 2010

Recently Blizzard (vendor of World of Warcraft as well as the upcoming Diablo 3 and Starcraft 2 titles) has switched over to their networked gaming platform Battle.net to manage all accounts for their games. In doing this, they've also pushed out an authenticator much like the ones many high-tech employees use to work from home. These little gadgets have a secret formula that they use to produce the next number in a sequence every time you press the button. Battle.net knows this sequence, and can verify your identity by checking that the code you enter is the next number in the sequence (or one of the next few, just to allow for mistakes).

The first concern is simply monetary. Many players can afford their monthly fee and nothing more. They really won't pay $6 more to keep playing. Sure, they're probably the minority, but a sizable minority in an 11.5 million player base is not to be ignored.

The second concern is that of having to re-key your authenticator every time you log in, which for some players is fairly often (especially those affected by the previous concern, who therefore have least-common-denominator equipment and suffer frequent disconnects).

To solve the first problem, simply provide the tokens with the next expansion (Cataclysm) and require their use for any account upgraded to the new content. Sure, some old users won't upgrade. Those who can't afford to upgrade to the next expansion will of course be unprotected, but it's then more reasonable to say that you won't support replacing lost items when these accounts are hacked, and they're also a less attractive target for such scams.

Next you have the harder concern: people who get logged out and have to reconnect, potentially in time-critical situations (like a 5-man group they'll be kicked from, or a raid that will wipe). For these players, you offer a different way of authenticating (an option, but not the default) where they only have to authenticate once per day per IP address per account. Thus, the user would not be required to enter more than their password on the second login that day from the same address.

This is not an ideal model for shared resources such as school or work computers, or laptops that are often left exposed, but it still addresses the primary threats of keyloggers and email scams. Plus, if it's not the default, then most users will never enable it, retaining the higher degree of security.
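To make the sequence mechanism from the first paragraph and the once-a-day option above concrete, here is an added example in Python; it is not code from the original post and not Blizzard's implementation. It assumes the token is an event-based (counter) device in the style of RFC 4226 HOTP, which is an assumption about how the Battle.net authenticator works. The server accepts the expected code or one of the next few presses and then resyncs past the code it accepted, and the opt-in "trust this IP address for a day" policy sits in front of that check. The Token and AccountAuth classes, the look-ahead window of 3 and the 24-hour trust period are choices made for this example; the secret is the RFC 4226 reference test key so the generated codes can be checked against the RFC's published vectors.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{binary % (10 ** digits):0{digits}d}"


class Token:
    """The keyfob (hypothetical model): a shared secret plus a counter that advances on every press."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.counter = 0

    def press(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1
        return code


class AccountAuth:
    """Server side for one account: the same secret, the counter it expects next,
    and the optional once-per-day-per-IP trust described in the post (example design)."""

    def __init__(self, secret: bytes, window: int = 3, trust_seconds: int = 86400):
        self.secret = secret
        self.counter = 0              # next counter value the server expects
        self.window = window          # how many skipped button presses are tolerated
        self.trust_seconds = trust_seconds
        self.remember_ip = False      # the opt-in; off by default, as the post suggests
        self.trusted = {}             # ip -> timestamp until which no code is required

    def verify_code(self, code: str) -> bool:
        # Accept the expected code or one of the next `window` codes: the user may
        # have pressed the button a few times without completing a login.
        for ahead in range(self.window + 1):
            expected = hotp(self.secret, self.counter + ahead)
            if hmac.compare_digest(expected.encode(), code.encode()):
                # Resync past the value just used so the same code can never be replayed.
                self.counter += ahead + 1
                return True
        return False

    def login(self, password_ok: bool, ip: str, code: str = None, now: float = None) -> bool:
        now = time.time() if now is None else now
        if not password_ok:
            return False
        if self.remember_ip and self.trusted.get(ip, 0.0) > now:
            return True               # password alone suffices today from this address
        if code is None or not self.verify_code(code):
            return False
        if self.remember_ip:
            self.trusted[ip] = now + self.trust_seconds
        return True


if __name__ == "__main__":
    SECRET = b"12345678901234567890"   # RFC 4226 test key; codes match the RFC's Appendix D vectors
    fob, server = Token(SECRET), AccountAuth(SECRET)
    fob.press(); fob.press()           # two presses nobody typed in: still inside the window
    print(server.login(True, "192.0.2.10", fob.press()))        # True, and the server resyncs
    server.remember_ip = True
    print(server.login(True, "192.0.2.10", fob.press(), now=0)) # True, address now trusted
    print(server.login(True, "192.0.2.10", now=3600))           # True, no code needed
    print(server.login(True, "192.0.2.11", now=3600))           # False, different address
    print(server.login(True, "192.0.2.10", now=86401))          # False, trust expired
```

Two details carry the security argument. The counter is advanced past whatever code was accepted, so a keylogger that captures a code gets nothing it can replay, which is the point of the token in the first place; and the daily trust is keyed on the address and expires on its own, so the weakened mode costs a keylogger on the same machine at most a day of access rather than the account. The constant-time comparison avoids leaking which digits matched through response timing.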

1 comment:

The way these kinds of keys are "supposed" to work is that you get a PIN, you plug the authenticator into a USB port, and when you type in the PIN, it gets compared by HW on the authenticator. From then on, the system can ask the authenticator "Please re-auth" and there is no typing by the user.

I have an RSA token with a USB connector, but of course RSA hasn't made it work with Fedora yet, so I type the damn number in every time.